TLS closure alert and auth/authz ID



[authmeth] says:

> 5.2.2. TLS Connection Closure Effects 
>     
>    Closure of the TLS connection MUST cause the LDAP association to 
>    move to an anonymous authentication and authorization state 
>    regardless of the state established over TLS and regardless of the 
>    authentication and authorization state prior to TLS connection 
>    establishment. 

I think this information belongs in [Protocol], except the part about
authz ID.  If I have understood it correctly, this should cover it:

[Protocol] 4.13.3.1:

  Closure of the TLS connection causes the server to perform an implicit
  bind operation with version preserved, an empty name, and simple
  authentication with empty password.

[Authmeth]:

  A simple bind with a null name causes the LDAP association to
  move to an anonymous authentication and authorization state.

I can't find the latter stated explicitly in [Authmeth] - not the part
about authz id, anyway.

Does the part about simple authentication break anything if more complex
authentication had been in effect?

-- 
Hallvard